Bottom Line

Avast Premium Business Security is a good step up from the free offering, yet lacks many of the features (like reporting) required for businesses to take it seriously.
An upsell front and center on my dashboard tells me that Avast doesn't even take itself seriously.

June 5, 2019

Avast Business Antivirus Pro Plus (which begins at $47.99 per device per year) brings the popular desktop antivirus and security suite to small businesses as a cloud-based hosted endpoint protection product. It covers the most popular desktop platforms, such as Mac OS and Windows; however, it doesn't include a mobile option such as Editors' Choice winner Bitdefender GravityZone Elite does. What sets it apart are its peripheral features. Besides providing an effective antivirus, anti-malware, and browser-protection capabilities, it also adds a virtual private network (VPN) service, sandbox browser, and data shredder. That said, it doesn't match up on other key features, including mobile device management and root cause analysis, which is primarily what keeps it behind our Editors' Choice winner in the endpoint protection category, Bitdefender GravityZone Elite.

Installation and User Interface

Avast Business Antivirus Pro Plus' web console is simple but, while that's pleasant out of the box, you might find it excessively simple over time. The opening dashboard does give you a quick overview of the device count, number of threats detected, and a trend line of threats. But the dashboard doesn't include any more detail than that. For good insight, it is necessary to drill down to either the Reporting tab or click through to one of the Device Summary pages.

Once on a Device Summary page, there is a significant amount of detail regarding threats. In addition to showing the date detected and the threat name, the screen also shows the mode responsible for detecting it, similar to the Live Status page of Trend Micro Worry-Free Business Security Services, but devoted to a single device. Knowing whether the File Shield, Behavior Shield, or Web Shield blocked the threat can give some indication about where and how users are being attacked which, in turn, can drive newer and better security policies. You can quickly add new devices by clicking the Download Antivirus button and choosing an installer package to download, or by providing email addresses to receive the client download link. Devices can also be grouped together with Settings templates.

The Settings templates have undergone a significant visual overhaul. The major components are now just simple toggle switches that can be flicked on or off at will. While not everything is on by default, it's easy to go full tilt with the settings and then back down as needed. One feature in particular that I liked in the Antivirus settings was DeepScreen, which performs some additional checking when an unknown executable file is run. This works in tandem with CyberCapture, which checks all unknown files for potential threats. There is also a pull-down menu called Hardened Mode that lets you manually set how aggressive the Antivirus engine works. For testing, I set this to the most aggressive setting.

Notifications are also straightforward to set up. The available notifications are all on a single page, with a toggle switch to turn them on or off within the application. Below each is a pull-down menu that lets you specify if you want that notification in email instantly, batched and delivered at the end of the week, or not at all. There is enough detail in the notifications to be helpful without being annoying.

The Reporting page is a bit of a misnomer. There is only one report and it can't be saved off to a file or emailed unless you print the page as a PDF file. It does do a better job than the dashboard of giving you an overview of threat activity but that's about as far as it goes. It doesn't really do much in the way of providing an audit log, and you'll find yourself looking through client logs to get any real detail. For a centrally managed service, this could be improved.

Ransomware Protection

Avast Business Antivirus Pro Plus' ransomware protection features are predominantly based on prevention as opposed to reversal. As such, there isn't a rollback feature available. It does make heavy use of behavior analysis via the Behavior Shield feature, which has a good shot at detecting new ransomware variants as well as a sandbox feature that provides a safe environment to test potentially dubious files.

Combined with the firewall and ongoing checks for security issues via Smart Scan, Avast Business Antivirus Pro Plus does a good job of plugging potential holes that ransomware, or any malware, could slip through. There is still a little voice in my head that wants to emphasize good backups just in case Avast Business Antivirus Pro Plus happens to miss something.

Test Results

My initial testing involved using a known set of malware collected for research purposes. Each was stored in a password-protected ZIP file and was extracted individually. The virus samples, when extracted, were detected immediately. Out of 142 malware variants, all items were flagged and quarantined.

To test protection against harmful websites, a random selection of the newest 10 websites were selected from PhishTank, an open community that reports known and suspected phishing websites. All of the Uniform Resource Locators (URLs) attempted resulted in a the website in question being blocked. This was a significantly better performance than products such as McAfee Endpoint Protection Essential for SMB, which blocked only one, and Symantec Endpoint Protection Cloud, which has consistently lagged behind in this area.

To test Avast Business Antivirus Pro Plus' response to ransomware, I used a set of 44 ransomware samples, including WannaCry. None of the samples made it past extraction from the ZIP file. This is not terribly surprising since each of the samples has a known signature. That being said, the response was swift and severe. The executables were promptly flagged as ransomware and removed from disk. KnowBe4's ransomware simulator RanSim was also flagged as a ransomware instance as well. Since it's likely these were picked up via known signatures, I proceeded with a more direct approach by simulating an active attacker.

All Metasploit tests were conducted using the default settings of the product. Since none of them succeeded, I felt confident in skipping any settings of a more aggressive nature. First, I used Metasploit to set up an AutoPwn2 server designed to exploit the browser. This launches a series of attacks that are known to succeed on common browsers such as Firefox and Internet Explorer (IE). Avast Business Antivirus Pro Plus correctly detected each exploit and canceled the attack. This performed at or above expectations.

The next test used a macro-enabled Microsoft Word. Inside of the document contained an encoded app that a Microsoft Visual Basic Script (VBScript) would then decode and attempt to launch. This can often be a tricky condition to detect when various masking and encryption techniques are used. The file produced an error when opening, indicating that the attack failed.

Lastly, I tested a social engineering based attack. In this scenario, the user downloads a compromised installer of FileZilla using Shellter. Upon executing it, it will execute a Meterpreter session and call back to the attacking system. It was detected and blocked from executing.

In terms of independent lab testing, AV-Test reports Avast Business Antivirus Pro Plus as blocking 100 percent of the 275 samples used in their testing, and delivers a "6.0 out of 6.0" score on usability and a "5.5 out of 6.0" on performance. MRG Effitas' 360 Degree Assessment & Certificate for the second quarter of 2018 also has good things to say about Avast Business Antivirus Pro Plus. 99.5 percent of samples use were automatically blocked, and the remaining 0.5 percent were blocked based on the malware's behavior. It also blocked 100 percent of the tested ransomware out of the 29 samples used. This is excellent performance, and on par with our Editors' Choice selections such as Bitdefender GravityZone Elite.

Any threats that Avast Business Antivirus Pro Plus picked up resulted in a response that was swift and final. Email alerts were triggered quickly and the client was shown a small panel that described the threat and the action taken against it. The dashboard also acknowledged the existence of a threat within a few seconds and displayed it as part of the summary, making it available on the Reporting page.

Final Thoughts

Overall, Avast Business Antivirus Pro Plus is a solid service. It makes managing security an easy task for a small business administrator. While not quite on par with Editors' Choice-winning Bitdefender GravityZone Elite, it is one of the better solutions available for protecting your organization. That being said, it does not deliver the right level of analysis tools for a product of its price. It also lacks mobile device management, which is becoming a standard part of most hosted endpoint protection products.

More Inside PCMag.com

About the Author

Matthew D. Sarrel, CISSP, is a network security, product development, and technical marketing consultant based in New York City. He is also a game reviewer and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com. See Full Bio